Big file systems with geli

Marius Nünnerich marius at nuenneri.ch
Mon Oct 20 20:50:51 UTC 2008


On Tue, Sep 23, 2008 at 3:18 PM, Christian Baer
<christian.baer at uni-dortmund.de> wrote:
> Hey there folks!
>
> After reading up a little on encryption modes, I was wondering, how large
> may a geli-encrypted file system be and still be cosidered being secure?
> There are suggestions not to go above 1TB with a single key in XTS mode[1].
> geli uses cbc, IIRC, which is a simpler approach. So I was wondering, what
> size might be safe here.
>
> 1TB file systems can even be on single drives (Seagate has 1,5TB drives) and
> RAIDs could be even bigger. Since ffs can go way beyond that, a hint
> concerning geli would be nice.

That depends on your situation. For the usual private stuff I think
it's ok to have 1TB Filesystems, for other things maybe not. Maybe you
should ask some crypto folks :)

>
> Regards,
> Chris
>
> [1] http://en.wikipedia.org/wiki/Disk_encryption_theory#XTS


More information about the freebsd-geom mailing list